588724 – net-misc/dhcpcd-6.11.1 segfault in ipv4ll_conflicted error 4 in dhcpcd - NULL pointer deference when ARP conflict occurs

Bug 588724 - net-misc/dhcpcd-6.11.1 segfault in ipv4ll_conflicted error 4 in dhcpcd - NULL pointer deference when ARP conflict occurs

Summary: net-misc/dhcpcd-6.11.1 segfault in ipv4ll_conflicted error 4 in dhcpcd - NULL...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	William Hubbs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-07-13 00:01 UTC by jospezial
Modified:	2016-07-21 22:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jospezial 2016-07-13 00:01:05 UTC

upstream ticket:
http://roy.marples.name/projects/dhcpcd/info/61803be50bfc1724

upstream fix
http://roy.marples.name/projects/dhcpcd/info/824b648f67e9f33d


Jul 13 01:17:50 jlgentoo kernel: forcedeth 0000:00:14.0 enp0s20: link down
Jul 13 01:17:50 jlgentoo dhcpcd[16567]: enp0s20: carrier lost
Jul 13 01:17:50 jlgentoo dhcpcd[16567]: enp0s20: deleting route to 192.168.1.0/24
Jul 13 01:17:50 jlgentoo dhcpcd[16567]: enp0s20: deleting default route via 192.168.1.1
Jul 13 01:17:51 jlgentoo ntpd[1482]: Deleting interface #33 enp0s20, fe80::364b:2c7f:33b2:8534%2#123, interface stats: received=0, sent=0, dropped=0, active_time=1191 secs
Jul 13 01:17:51 jlgentoo ntpd[1482]: Deleting interface #34 enp0s20, 192.168.1.2#123, interface stats: received=0, sent=8, dropped=0, active_time=214 secs
Jul 13 01:17:51 jlgentoo ntpd[1482]: 131.234.137.24 local addr 192.168.1.2 -> <null>
Jul 13 01:17:51 jlgentoo ntpd[1482]: 5.9.80.113 local addr 192.168.1.2 -> <null>
Jul 13 01:17:51 jlgentoo ntpd[1482]: 62.116.130.3 local addr 192.168.1.2 -> <null>
Jul 13 01:17:51 jlgentoo ntpd[1482]: 195.34.187.132 local addr 192.168.1.2 -> <null>
Jul 13 01:18:08 jlgentoo kernel: forcedeth 0000:00:14.0 enp0s20: link up
Jul 13 01:18:08 jlgentoo dhcpcd[16567]: enp0s20: carrier acquired
Jul 13 01:18:08 jlgentoo dhcpcd[16567]: enp0s20: IAID 60:87:12:72
Jul 13 01:18:08 jlgentoo dhcpcd[16567]: enp0s20: soliciting an IPv6 router
Jul 13 01:18:09 jlgentoo dhcpcd[16567]: enp0s20: rebinding lease of 192.168.1.2
Jul 13 01:18:09 jlgentoo dhcpcd[16567]: enp0s20: reject NAK via 192.168.178.1
Jul 13 01:18:09 jlgentoo ntpd[1482]: Listen normally on 35 enp0s20 [fe80::364b:2c7f:33b2:8534%2]:123
Jul 13 01:18:13 jlgentoo dhcpcd[16567]: enp0s20: reject NAK via 192.168.178.1
Jul 13 01:18:14 jlgentoo dhcpcd[16567]: enp0s20: probing for an IPv4LL address
Jul 13 01:18:14 jlgentoo dhcpcd[16567]: enp0s20: DHCP lease expired
Jul 13 01:18:14 jlgentoo dhcpcd[16567]: enp0s20: soliciting a DHCP lease
Jul 13 01:18:14 jlgentoo kernel: dhcpcd[16567]: segfault at 10 ip 000000000042d2ad sp 00007ffdf282d760 error 4 in dhcpcd[400000+59000]
Jul 13 01:19:09 jlgentoo /etc/init.d/dhcpcd[16708]: start-stop-daemon: no matching processes found



gdb output:

Program received signal SIGSEGV, Segmentation fault.
0x000000000042d2ad in ipv4ll_conflicted (astate=0x18cb040, amsg=0x7ffc685a3110) at ipv4ll.c:257
257     ipv4ll.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt f
#0  0x000000000042d2ad in ipv4ll_conflicted (astate=0x18cb040, amsg=0x7ffc685a3110) at ipv4ll.c:257
        ifp = 0x18cb770
        state = 0x18c9bf0
        fail = 0
        __func__ = "ipv4ll_conflicted"
#1  0x000000000041e47e in arp_packet (arg=0x18cb770) at arp.c:192
        ifp = 0x18cb770
        ifn = 0x0
        buf = "\000\001\b\000\006\004\000\001X\213\363E{\253\300\250\001\001\000\000\000\000\000\000\300\250\001\001", '\000' <repeats 21 times>, "\062Zh\374\177\000"
        ar = {ar_hrd = 256, ar_pro = 8, ar_hln = 6 '\006', ar_pln = 4 '\004', ar_op = 256}
        arm = {op = 0, sha = "X\213\363E{\253\251\376\020J\000\000\000\000\000\000\000\000\000", sip = {s_addr = 16885952}, 
          tha = "\000\000\000\000\000\000Zh\374\177\000\000\000=,\000v\266", <incomplete sequence \316>, tip = {s_addr = 16885952}}
        bytes = 46
        state = 0x18cb360
        astate = 0x18cb040
        astaten = 0x18c9b20
        hw_s = 0x7ffc685a3158 "X\213\363E{\253\300\250\001\001"
        hw_t = 0x7ffc685a3162 ""
        flags = 0
#2  0x000000000040b9c8 in eloop_start (eloop=0x18b8a90, signals=0x7ffc685a3378) at eloop.c:950
        n = 1
        e = 0x18b8b30
        t = 0x18c9e20
        now = {tv_sec = 7491, tv_nsec = 853120809}
        ts = {tv_sec = 1, tv_nsec = 546766869}
        tsp = 0x7ffc685a3210
        t0 = 0x40adf6 <eloop_q_timeout_add_sec+88>
        epe = {events = 1, data = {ptr = 0x18b8b30, fd = 25922352, u32 = 25922352, u64 = 25922352}}
        timeout = 1547
#3  0x0000000000409d2f in main (argc=2, argv=0x7ffc685a35e8) at dhcpcd.c:1926
        ctx = {pidfile = "/run/dhcpcd.pid", '\000' <repeats 23 times>, cffile = 0x44a009 "/etc/dhcpcd.conf", 
          options = 310326615013776393, logfile = 0x0, log_fd = -1, argc = 2, argv = 0x7ffc685a35e8, ifac = 0, ifav = 0x0, ifdc = 0, 
          ifdv = 0x0, ifc = 0, ifv = 0x7ffc685a35f8, ifcc = 0, ifcv = 0x0, duid = 0x18c9b70 "", duid_len = 14, ifaces = 0x18c9870, 
          pf_inet_fd = 6, priv = 0x18b9d80, link_fd = 4, seq = 130, sseq = 130, sigset = {__val = {0 <repeats 16 times>}}, 
          eloop = 0x18b8a90, control_fd = 8, control_unpriv_fd = 9, control_fds = {tqh_first = 0x0, tqh_last = 0x7ffc685a3408}, 
          control_sock = "/run/dhcpcd.sock", '\000' <repeats 20 times>, control_group = 0, vivso = 0x0, vivso_len = 0, 
          randomstate = 0x7f1a28fa80c0 "\003", ppid = 15841, pseq = 12, dhcp_opts = 0x18b6630, dhcp_opts_len = 123, 
          ipv4_routes = 0x18b8b80, ipv4_kroutes = 0x18cb340, udp_fd = 13, opt_buffer = 0x0, opt_buffer_len = 0, secret = 0x0, 
---Type <return> to continue, or q <return> to quit---
          secret_len = 0, nd_opts = 0x18b88d0, nd_opts_len = 6, dhcp6_opts = 0x18bf130, dhcp6_opts_len = 70, ipv6 = 0x18cb950, 
          dev_load = 0x0, dev_fd = 11, dev = 0x18b9cf0, dev_handle = 0x18b8c60}
        ifo = 0x0
        ifp = 0x0
        family = 0
        opt = 1
        oi = 0
        i = 0
        t = 30
        len = 140722059227912
        pid = 0
        sig = 0
        siga = 0x0
        __func__ = "main"
(gdb) cont
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) quit

jlgentoo ~ # /etc/init.d/dhcpcd restart
 * Unmounting network filesystems ...                                                                                             [ ok ]
 * Stopping DHCP Client Daemon ...
 * start-stop-daemon: no matching processes found                                                                                 [ ok ]
 * Starting DHCP Client Daemon ...                                                                                                [ ok ]
jlgentoo ~ #  * Mounting network filesystems ...                                                                                  [ ok ]

Comment 1 William Hubbs gentoo-dev

2016-07-21 22:49:37 UTC

This patch is applied in 6.11.1-r1.

Thanks for the report and the link to the patch. :-)

William